Skip to content

Instantly share code, notes, and snippets.

@prinsharma1999

prinsharma1999/subdomain_wordlist.md

Forked from cihanmehmet/subdomain_wordlist.md
Created May 16, 2021 19:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save prinsharma1999/df9555e816123f2e6ecc22796f891f77 to your computer and use it in GitHub Desktop.
Save prinsharma1999/df9555e816123f2e6ecc22796f891f77 to your computer and use it in GitHub Desktop.
Download ZIP
Subdomain Wordlist
Raw
subdomain_wordlist.md

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8

cmd@fb:/tmp|wc -l 15m_sub_wordlist.txt
 15677820 15m_sub_wordlist.txt

11m_sub_wordlist.txt Download Link

https://mega.nz/file/sgRRTCYZ#2YvaeX3jPSJOtbt9M6PQzdatM-HaB6E-Wq08tjs8GzU

cmd@fb:~/Desktop|⇒  wc -l 11m_sub_wordlist.txt
11466866 11m_sub_wordlist.txt

11m_sub_wordlist.txt 137 MB

image

Subdomain Brute Force

cat 11m_sub_wordlist.txt | subgen -d "bing.com"> not_resolve_subdomain.txt
echo "bing.com">bing.txt
comb -s="." 11m_sub_wordlist.txt bing.txt > not_resolve_subdomain.txt
cat not_resolve_subdomain.txt | zdns A --threads 10000 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" |tee resolve_subdomain.txt

ZDNS Too Many open files Error Solution

ulimit -n 100000

Aiodnsbrute

sudo pip3 install aiodnsbrute
aiodnsbrute yahoo.com -w /tmp/11m_sub_wordlist.txt -o csv -t 10000 -r resolver.txt

resolver.txt=>1.1.1.1

cat yahoo.com.csv | cut -d, -f1 | grep yahoo.com>yahoo.com.txt

Subdomain+Bruteforce List Create

for i in $(cat 11m_sub_wordlist.txt); do echo $i".bing.com">>not_resolve_subdomain.txt; done   #first method
cat 11m_sub_wordlist.txt | xargs -L1 -P20 -I@ bash -c "echo @.'bing.com'>>not_resolve_subdomain.txt"   #second method
cat 11m_sub_wordlist.txt | awk '{print $1".bing.com"}'>not_resolve_subdomain.txt   #third method
while read -r sub; do echo $sub".bing.com">>not_resolve_subdomain.txt ; done < 11m_sub_wordlist.txt   # fourth method
echo "bing.com">bing.txt ; comb -s="." 11m_sub_wordlist.txt bing.txt > not_resolve_subdomain.txt   #fifth method
cat 11m_sub_wordlist.txt | subgen -d "bing.com">not_resolve_subdomain.txt    #sixth method
goaltdns -h bing.com -w /tmp/11m_sub_wordlist.txt -o not_resolve_subdomain.txt    #seventh method

List Bruteforce Create

cat 3.txt
bing.com
tesla.com
google.com
while read -r sub; do awk '{print $1".'$sub'"}' ~/a/10k.txt >> $sub_non_resolve.txt; done < cat 3.txt

Ksubdomain and Zdns Alive Subdomain

cat resolve.txt
1.1.1.1
8.8.8.8
sudo ksubdomain -f not_resolve_subdomain.txt -e 0 -verify -o resolve.txt -s resolve.txt

cat not_resolve_subdomain.txt | zdns A --threads 10000 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" |tee resolve_subdomain.txt

Simple Brute-Force Bash Functions

bruteforce(){
    $1=domain
	printf "[+] Bruteorce $domain Start"
	printf "                        \r"
	cat ~/wordlist/1m.txt | awk -v url="$domain" '{print $1"."url}' > /tmp/1m-notresolve-domain.txt
	cat /tmp/1m-notresolve-$1.txt | zdns A --threads 8000 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" > bruteforce-$domain
	cat bruteforce-$domain2 | grep $domain | xurls -r | sort -u > result-$domain
	rm bruteforce-$domain /tmp/1m-notresolve-domain.txt
	echo -e "[*] $domain Bruteorce  Done $(wc -l result-$domain | awk '{ print $1}')"
}

Buruteforce $1

Usage

bash bruteforce.sh bing.com

Tools Github Links

https://github.com/blark/aiodnsbrute

https://github.com/Q2h1Cg/dnsbrute

https://github.com/knownsec/ksubdomain

https://github.com/subfinder/goaltdns

https://github.com/zmap/zdns

https://github.com/pry0cc/subgen

https://github.com/tomnomnom/comb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment